Chapter 2: Promoting the soundness of the banking system ... … · iv. Risk framework • The...
Transcript of Chapter 2: Promoting the soundness of the banking system ... … · iv. Risk framework • The...
43Bank Supervision Department Annual Report 2010
Chapter 2: Promoting the soundness of thebanking system: Overview ofsupervisory activities
2.1 Introduction
In its 2007 Annual Report the Department provided a detailed overview of its supervisory
review process, which has been refined on an ongoing basis during the past two years to
align it with international best practice and to facilitate the effective supervision of the South
African banking sector.
In this chapter, details of the flavour-of-the-year topics covered during 2010 are provided and
the key supervisory activities of the Department relating to the Pillar 1 risk areas, namely credit
risk, market risk and operational risk are discussed. The Pillar 2 Internal Capital Adequacy
Assessment Process (ICAAP) reviews and Pillar 3 disclosure assessments performed during
the period under review are also discussed. Finally, an overview is provided of a common
scenario stress-testing exercise that was performed by the Department.
2.2 Flavour-of-the-year topics covered during 2010
Each year the Department identifies certain key topics related to the effective functioning of
banks that are then reviewed during the annual meetings held with the board and/or board
subcommittees of banks. In 2010 the following two topics were identified:
i. The functioning of the Audit Committees, and the Board Risk and Capital Committees
of banks
ii. The management and board oversight of the risks posed and the controls instigated to
mitigate the risks posed by diversified banking groups.
2.2.1 The functioning of Audit Committees, and Board
Risk and Capital Committees of banks
The Department conducted a review of the functioning of two key board subcommittees of
South African banks during the year under review. In terms of sections 64 and 64A of the Banks
Act, 1990, all South African banks are required to establish an Audit Committee, and a Risk and
Capital Management Committee. The aforementioned sections also prescribe the composition
and duties of these committees.
2.2.1.1 Functioning of Audit Committees
The functioning of the Audit Committees was reviewed with reference to the following three
categories:
i Frequency of meetings and attendance of committee members: Banks’ Audit Committees
held meetings at least four times during the financial year, with one bank having held seven
Audit Committee meetings. Generally, all committee members had not missed more than
one meeting during the financial year under review, while more than 80 per cent of committee
members had attended all meetings.
ii Items discussed and decisions made: The items on the agendas of banks’ Audit Committee
meetings were found to be relevant and sufficiently detailed, with important decisions having
been made by these committees. The items discussed included the following:
– Review and recommendation for approval of annual financial statements
– Approval of external auditors
key topics related to the effective functioning of banks
functioning of Audit Committees reviewed
Bank Supervision Department Annual Report 201044
– Updating of Audit Committee charters
– Review and approval of internal audit charters
– Discussion of audit and compliance reports
– Discussion of key bank, industry and accounting developments
– Review of regulatory interactions and outstanding regulatory requirements.
iii Significant outstanding items: Banks’ Audit Committees were found to have finalised key items on their agendas in the previous financial year. However, some bank-specific items remained unresolved, such as tax treatment of certain structured transactions; independent review of internal audit functions; review of non-core business operations; and continuous
enhancement of internal controls.
2.2.1.2 Functioning of Board Risk and Capital Management Committees
The functioning of Board Risk and Capital Management Committees was reviewed with
reference to the following four categories:
i. Frequency of meetings and committee members’ attendance: It was found that banks’ Risk and Capital Management Committees met at least four times during the financial year. The range of meetings held was quite varied across banks, in particular where smaller banks were compared to larger and more complex banks. Additional meetings mainly resulted from the more advanced risk frameworks prevalent in larger banks. Similar to the findings in respect of audit committees, all committee members were found not to have missed more than one meeting during the financial year under review, while more than 80 per cent of committee members attended all meetings. In instances where an exception to the aforementioned was noted, committee chairpersons advised that they had been provided
with valid reasons for members not being able to attend.
ii. Items discussed and decisions made: Risk and Capital Management Committees focused on a broad range of risk-related matters including, but not limited to,
a. enterprise-wide risk management frameworks;b. balance sheet and capital management;c. risk reports and dashboards in respect of key risks facing banks;d. key risk parameters and risk appetite;e. review and approval of internal capital-adequacy assessment processes; and
f. review and approval of significant risk models employed by banks.
Furthermore, these committees spent significant amounts of time on ongoing development
and training.
iii. Significant outstanding items and focus areas during 2010: Outstanding matters and focus areas during 2010 were relatively diverse, and the most significant of these included credit impairments; capital management and planning; implications of legislative changes; Basel III-
related developments; liquidity risk management; risk appetite; and volatility of earnings.
iv. Compliance with section 64A of the Banks Act, 1990: The Department also assessed the methodologies and practices employed by banks’ Risk and Capital Management Committees to ensure compliance with section 64A of the Banks Act, 1990. Banks benchmarked their methodologies and practices against each of the requirements of section 64A, thereby
evidencing their level of compliance, which the Department found to be high.
Section 64A(2)(d) requires banks to conduct an annual formal risk assessment and banks were
found to be generally compliant with this requirement. However, the formalisation of the process
was found to be an outstanding issue in certain banks.
The Department required banks to address all items where they were found not be fully
compliant with the requirements of section 64A. These matters will be followed up during the
Department’s 2011 supervisory cycle.
2.2.1.3 Conclusion
The Department found the Audit Committees, and Risk and Capital Management Committees
to be operating adequately which, in turn, contributed to the overall sound corporate governance
some bank-specific items remained unresolved
more advanced risk frameworks prevalent in larger banks
ongoing development and training
formalisation of process still outstanding
45Bank Supervision Department Annual Report 2010
in South African banks. Notwithstanding these findings, the Department will remain vigilant in its
ongoing assessment of banks’ corporate governance practices.
2.2.2 Management and board oversight of the risks
posed, and the controls instigated to mitigate
the risks posed by diversified banking groups
The board is one of the key role players in the supervisory process, and accepts ultimate
responsibility for the risk profile of a bank and banking group. The Department therefore
regarded it essential to conduct, as part of its 2010 supervisory programme, meetings with the
boards of banks to assess their management and oversight of the risks posed, and controls
instigated to mitigate the risks posed by their diversified banking groups.
Institutions were required to address relevant aspects pertaining to the said topic during the
Department’s meeting with the boards of banks.
Diversified banking groups conduct part of their business through subsidiaries and affiliates and,
consequently, are exposed to potential, and sometimes significant, risks outside those of their
normal banking operations. Diversified banking groups could therefore incur substantial losses
stemming from entities elsewhere in the group and the size of the losses could be substantial.
Recent global experiences had also highlighted the importance of consolidated oversight by
management and the boards of diversified banking groups. The board and management of
a diversified banking group therefore need to evaluate the strength of the entire group, taking
into account all the risks that may affect it, regardless of whether these risks are carried on the
balance sheet of the bank or those of related entities.
The effectiveness of boards’ oversight of the aforementioned was reviewed with reference to
the following six categories:
i. Overall group structure
• The composition of the overall group structure split between banking, insurance and
other activities
• The major operating entities within the group.
ii. Governance
• Governance structures existing at various levels within the group, such as the board,
Audit Committee, Risk, Capital and Compliance Committee, and Remuneration
Committee
• The organisational structure of the group focusing on the key roles and responsibilities
for line management of the group and major operating entities within the group
• The extent to which specialist knowledge exists within the board of the group that is
commensurate with the complexity and nature of risks undertaken by the group
• The process followed by the board to apprise itself of material issues within the group
entities
• Materiality levels within the group.
iii. Risk appetite and risk tolerance
• The diversified banking group’s risk appetite statement and tolerance levels, and the
extent to which the risk appetite statement and tolerance levels are incorporated into
other major group operating entities
• Examples evidencing the extent to which risk appetite and tolerance levels have been
breached due to exposures outside the bank.
iv. Risk framework
• The establishment of an enterprise-wide risk management framework within the group
• The implementation of an integrated risk measurement and management framework for
credit, market, operational and other risks
• The organisational structure of the group focusing on the key roles and responsibilities
for risk management of the group and major operating entities within the group
• Future enhancements to be made to the group risk management framework.
diversified banking groups could incur substantial losses
Bank Supervision Department Annual Report 201046
v. Risk assessment
• The aggregation of risk exposures and the subsequent reporting to the board
• Examples of the extent to which other risk exposures originating from outside the bank
have been highlighted to the board and the actions taken
• The contribution to group net income before taxation by each of the major entities within
the group.
vi. Information technology
• The adequacy of the IT to facilitate the production of adequate, reliable and timely
management information at group and at major operating entity levels
• Identified enhancements to be made to the group IT infrastructure.
The exercise proved to be useful in focusing the attention of boards on the spread of activities
being undertaken across groups. In general, boards appeared to have a grasp on the larger
group activities but were somewhat unsighted on the precipitation of a myriad of smaller group
interests or entities and on geographic (global) spread. Accordingly, some boards have agreed
to devote quality and quantity time during 2011 to gaining a better understanding of all levels
of group activity from a complexity, necessity, risk and geographic (global) spread perspective.
Attempts will be made to streamline and downsize structures where appropriate.
2.3 Credit risk
2.3.1 Introduction
Banks in South Africa can select from a menu of approaches to calculate their minimum required
regulatory capital relating to credit risk for Pillar 1. These approaches include the standardised
approach (STA), which also incorporates a simplified standardised approach, and two models-
based approaches (MBAs). The MBAs comprise the foundation internal ratings-based approach
(FIRB), in terms of which certain model parameters are specified by regulation, and the AIRB in
which banks model the parameters. The proportion of banks registered in South Africa using
the aforementioned approaches is depicted in Figure 2.1.
During the year under review, the Department continued to perform both compliance-based
and prudential supervision of banks, specifically focusing on banks’ credit risk profiles and
portfolios that were, and continue to be, impacted by adverse market conditions and strained
economic activity. The work carried out covered the following:
• Quantitative analysis of regulatory reporting
• Review of self-assessment templates submitted by banks
exercise focused the attention of boards on the spread of activities being undertaken across groups
the Department continued to perform both compliance-based and prudential supervision of banks
Locally registered banks
13
1
3
Standardised approach (STA)
Foundation internal ratings-based (FIRB)
Advanced internal ratings-based (AIRB)
Branches of international banks
Figure 2.1 Reporting methods approved by the Registrar of Banks
1
12
47Bank Supervision Department Annual Report 2010
• Focused reviews of banks’ compliance with requirements for use of the IRB approach for the
calculation of minimum required regulatory capital relating to credit risk for Pillar 1
• Processing of applications submitted by banks for the implementation of new or revised
models and rating systems
• Focused reviews of banks’ compliance with requirements for use of the STA for the
calculation of minimum required regulatory capital relating to credit risk for Pillar 1
• Reviews of long-form reports by auditors relating to details in models used by banks with
approval to use the FIRB or AIRB approaches
• Assessment of the suitability of rating agencies to provide ratings as a measure of the
creditworthiness of banks’ assets.
2.3.2 Quantitative analysis of regulatory reporting
In the course of the Department’s ongoing analysis of bank data and its risk-based supervisory
interactions with banks, it became evident that banks had applied differing interpretations
to some key aspects of the credit risk regulations. This resulted in inconsistencies that
negatively affected trend and peer-group analyses. Some of these issues were reported in the
Department’s 2009 Annual Report, with specific reference to the credit risk survey that was
conducted. However, additional issues arose in 2010.
During 2010, the Department focused significant supervisory resources on addressing
reporting inaccuracies, interpretive matters and other areas where banks required specific
guidance. The Department held numerous technical discussions with banks and with their
external auditors in the form of workshops and meetings of the Credit Risk Business Forum.
These deliberations, together with feedback received from the World Bank and IMF delegation,
culminated in the formulation of policy on the preferred reporting on some line items, risk
weights and other technical matters. The resulting refinements have been published in the form
of Banks Act circulars and directives, and have been included in the proposed amendments to
the Regulations relating to Banks.
2.3.3 Review of self-assessment templates
submitted by banks
Banks that have acquired approval from the Registrar to report credit risk according to one of
the IRB approaches are continually assessed to determine their level of compliance with the
Regulations relating to Banks.
The IRB banks are required to complete and submit a self-assessment based on the Regulations
relating to Banks on an annual basis. The primary purpose is for both the bank and the
Department to become aware of areas of non-compliance, and to ensure that the necessary
steps are taken to address weaknesses identified.
During 2010, four domestic banks and one branch of an international bank submitted self-
assessment templates on their compliance with the credit risk regulations, based on data
for December 2009. The submissions were assessed and reviewed to identify gaps and
exceptions as defined in the 2008 Annual Report (pages 23 and 24). The gaps and exceptions
are addressed as part of the Department’s ongoing supervisory process.
2.3.4 Identified gaps
Some banks did not complete all the required sections in the self-assessment template.
2.3.5 Identified exceptions
The following common exceptions were identified:
• Scope of documentation: Rating systems design and operational details for some banks are
not properly documented
banks applied differing interpretations to some key aspects of credit risk regulations
IRB banks completed self-assessments based on the Regulations
Bank Supervision Department Annual Report 201048
• Retrospective reallocation requirement: Processes for obtaining and updating relevant and
material information on borrower financial conditions and facility characteristics to support
internal credit risk measurement and management processes still require improvement in
some banks
• Board and senior management responsibilities: The monitoring and reporting of rating
systems to the board and senior management require improvement in some banks
• Annual review of risk ratings: Some of the banks did not conduct the required annual review
of assigned borrower and facility ratings
• Requirements specific to PD, LGD and EAD estimates: Several banks still lack sufficient data
history required to estimate internal risk parameters.
2.3.6 Revision of self-assessment templates
For the 2011 submission of the self-assessment templates (based on December 2010 data), the
Department compared the self-assessment templates with those of other regulators and their
processes. Consequently, the following changes were made:
• The number of schedules was reduced from five to three
• Additional information was required on Schedule 1: Risk rating system summary.
2.3.7 Focused reviews of IRB requirements for credit risk
A number of focused on-site credit risk reviews were carried out during 2010 that spanned
selected retail and wholesale portfolios. The purpose of the on-site reviews was, among other
things, to determine whether the credit risk management practices of banks were sound,
whether the models remained fit for purpose and that adequate levels of capital were held for
credit risk. The Department continued to follow a risk-based approach in selecting portfolios to
be reviewed, and focused on the following:
• Model governance processes, specifically relating to prescribed annual validation and board
oversight
• Composition of selected portfolios, lending strategy and risk appetite (with specific reference
to documentary evidence of its existence and use)
• Review of management information reports used for credit risk management
• Review of rating system outputs including stability tests, backtesting results and other
ongoing monitoring and validation results.
2.3.8 Key findings
• Governance of model validation: In certain banks the process for escalating issues to the designated committee or board required improvement. The Department regards effective board oversight of the approval of all material aspects of a bank’s rating and risk estimation processes essential for good corporate governance. Consequently, the qualifying criteria in
the Regulations relating to Banks for the designated committee were amended to stipulate that the designated committee should be a subcommittee of the board. This amendment
has been incorporated in the proposed amended Regulations relating to Banks.
• Annual validation of models: It is the Department’s view that appropriate processes and clearly documented policies are fundamental to effective IRB implementation. Most of the banks with IRB approval have revised their validation frameworks to incorporate additional qualitative and quantitative aspects. Certain banks had not managed to conduct the prescribed annual validation on all their portfolios. However, action plans existed to remove the backlog during 2011. Banks were reminded that removing the backlog should not come at the expense of the depth and quality of the independent reviews, annual validations or the ongoing monitoring of the rating systems. Even though significant progress regarding documentation standards was evident, the Department expects banks to remain focused on improving the processes surrounding validation.
• Backtesting: As stated in the 2009 Annual Report, one of the issues identified to receive particular attention during 2010 was backtesting of credit risk models. In the assessment of the banks’ backtesting frameworks and methodologies, the Department ascertained that banks had performed limited out-of-time backtesting on the rating system parameters. Given the importance of backtesting, this will remain a focus area for 2011.
risk-based approach followed to select portfolios
qualifying criteria for designated committee amended
banks to remain focused on improving the processes surrounding validation
49Bank Supervision Department Annual Report 2010
• Level of compliance in terms of IRB requirements: The Department assessed the level of
compliance with the minimum IRB requirements during on-site visits. The following instances
of non-compliance were noted and will receive specific attention during 2011, in order to
monitor progress and ensure full compliance:
– Deviation from the strict application of the firm-size adjustment in accordance with the
provisions of the Regulations relating to Banks, that is, the application of the formula to
adjust the corporate risk-weight formula for exposures to small and medium enterprise
(SME) borrowers
– Incorrect classification and, in certain instances, a failure to report specialised lending
portfolios, especially the reporting of high-volatility commercial real-estate exposures
– Use of models to calculate expected loss and minimum required capital and reserve funds
without obtaining prior written approval from the Department
– Outdated reviews of assigned borrower and facility ratings, that is, ratings assignments
that were older than one year.
• Data quality: Banks continually strive to improve data quality. For most of them a data
governance framework existed with dedicated data management teams. Significant
progress was evident in the form of initiatives implemented to address issues highlighted
during data quality reviews and/or internal audits of data quality.
2.3.9 Processing of applications by banks to implement
new or revised models and rating systems
As regards the lifecycle of credit risk models, the Department anticipated that most banks
would focus on refining and redeveloping their rating systems roughly two years after the
implementation of Basel II in South Africa. During 2010, this transpired, with a significant number
of applications reaching the Department for approval to use revised rating systems to calculate
the minimum regulatory capital requirement for credit risk.
Significant rating system changes in many cases resulted in a decrease in the regulatory capital
requirement. The reasons for rating system changes included the following:
• Philosophy redesign: As the performance of models deteriorated, the need for redevelopment
increased.
• Development of own downturn LGD estimates: As downturn data was not readily available
to banks when models were first implemented, the Department allowed banks to use a proxy
for downturn LGD estimation, commonly referred to as the ‘Federal Reserve formula’, but
encouraged banks to derive their own estimates of downturn LGD. During 2010, banks used
the data collected during the recent downturn to estimate their own downturn LGD.
• Recalibrations using downturn data: Banks’ data history tended to be biased towards benign
periods of the cycle, and several recalibrations led to increased capital requirements with the
addition of downturn data.
• Removal of conservatism: Banks continued to lower the conservatism that originally
characterised their models, using data collected during the downturn period as motivation
that their models no longer required additional conservatism.
• Migration of portfolios from FIRB and STA to AIRB: Banks migrated smaller portfolios from
FIRB and STA approaches to the AIRB approach as they built up sufficient data history and/
or expertise in creating rating systems.
As reported in the 2009 Annual Report, the Department follows a formal approval process
to review material internal model changes or developments that fall outside the scope of the
original approval granted for use of an IRB approach prior to implementation (based on the
banks’ communication policy with the Department). Some of the applications for approval of
materially changed models were declined. In certain instances approval for using credit risk
models was based on, among other things, the following conditions:
• Additional capital requirements in terms of regulation 38(4) of the Regulations relating to
Banks, so-called Pillar 2b criteria
• Requirements for independent validation and the implementation of monitoring processes
within a prescribed period.
instances of non-compliance were noted
revised rating systems to calculate the minimum regulatory capital requirement for credit risk
Bank Supervision Department Annual Report 201050
2.3.10 Focused reviews of banks’ compliance with
requirements for use of the STA for the
calculation of minimum required regulatory
capital relating to credit risk for Pillar 1
It was reported in the 2008 Annual Report that the Department’s Review Team had commenced
with a project that entailed a review of the implementation by banks of STA for the computation
of regulatory capital in respect of credit and counterparty exposures. This project was continued
during 2010 and will be completed in 2011.
The reviews were risk-based and focused on assessing the degree of compliance by each bank
with the requirements of the Regulations relating to Banks. In particular, the reviews assessed the
correctness of the risk weights applied by banks in the calculation of their minimum required capital
and reserve funds relating to credit risk, and the reasonableness of the credit risk classifications
used. Where credit risk mitigation was taken into account, an evaluation was done of the eligibility
of the credit-risk mitigation instruments, the methodology employed and compliance with the
credit-risk mitigation policy. The same criteria were applied in the review of all banks but the
methodology was adapted to allow for the size of the bank and the processes implemented.
Most of the banks have been reviewed and the conclusion reached is that they have been
diligent in their implementation of STA and have, generally, complied with the requirements
of the Regulations relating to Banks. There was no common thread in the findings, although
some aspects of the STA, for example, the use of the international credit risk rating scales;
credit policies not incorporating the criteria for risk mitigation set out in the Regulations relating
to Banks; intangible assets not being deducted from capital and reserves; and the incorrect
treatment of derivative and securities financing transactions were prevalent.
The findings of the reviews were communicated to the senior management of the banks
concerned and their concurrence with, and a commitment to, rectifying the identified issues
were obtained. The rectification of the issues was followed up in the course of the supervisory
process and most issues have been resolved.
2.3.11 Long-form reviews
As a result of South Africa’s implementation of Basel II and the consequential amendments to
the Regulations relating to Banks, which provided the Registrar with the option to permit banks
to use the IRB approaches for credit risk, external auditors were confronted with increased
reporting duties relating to banks’ use of internal credit models for regulatory capital purposes.
This resulted in the external auditors and the Department commencing discussions on the
scope of work required from the external auditors as far as it related to banks’ IRB credit models
and external auditors’ reporting duties to the Registrar.
In addition to the aforementioned, new requirements in auditing standards and the level of
assurance to be provided by external auditors made it necessary for banks’ external auditors to
assess and revisit the levels of assurance to be provided to the Registrar on the directives in the
Regulations relating to Banks as far as they related to IRB credit risk models.
Discussions on the reporting duties of external auditors and the type of assurance to be provided
on IRB credit risk models used, began as far back as 2007. After several months of discussions,
the Department and the external auditors agreed on the level of assurance to be provided by
the external auditors of banks to the Registrar, the attestation procedures necessary to assess
banks’ compliance with the applicable directives in the Regulations relating to Banks, and the
format for reporting findings to the Department. These specific reviews on banks’ IRB internal
credit models are commonly referred to as ‘long-form reviews’.
The first cycle of long-form reviews commenced in 2009 with the external auditors reporting
their findings to the Department when reviews on specific models were completed. The external
reviews assessed the correctness of risk weights applied by banks
increased reporting duties relating to banks’ use of internal credit models
51Bank Supervision Department Annual Report 2010
auditors requested that, for the first cycle of long-form reviews, the reviews concentrate on the
same or similar asset classes in the IRB banks. The Department directed the auditors initially
to address all highly significant or material asset classes in the scope of the long-form reviews,
namely those portfolios that covered the following:
• Residential mortgage exposures
• Commercial property finance exposures
• Corporate exposures, including SME corporate and specialised lending exposures.
The ultimate aim of the long-form reviews was to report on the accuracy and completeness of
banks’ calculation of the following IRB parameter estimates:
• PD estimates
• LGD estimates, including adjustments
• EAD estimates
• Risk-weighted exposure amounts
• Amount of required capital and reserve funds relating to credit risk
• Related amounts of capital impairments
• Amounts of expected losses.
Reports emanating from the initial long-form reviews for the IRB banks were submitted to the
Department during 2010 and the findings were discussed with the banks. Consequently, the
Department requested banks for which deficiencies were evident to provide and commit to
action plans to address outstanding weaknesses.
2.3.12 Developments in respect of rating agencies
International bodies such as the Basel Committee and the FSB have raised concerns about
the over-reliance of banking regulators and banking legislation on the use of external ratings
issued by approved rating agencies. Such concerns were evident in the Basel Committee’s
October 2010 press release, which indicated a need for a review of the use of rating agency
ratings, specifically in the securitisation capital framework. This view was echoed by the FSB
in its October 2010 publication titled Principles for Reducing Reliance on Credit Rating Agency
Ratings. The ultimate aim of these international bodies is for banking regulators to become less
reliant on the use of external ratings in banking legislation.
The Department decided not to take any immediate action on the use of eligible rating agencies
and external ratings in its regulatory framework, beyond the existing levels of scrutiny and
interactions with these agencies until such time that the Basel Committee has issued a formal
framework or a formal stance on the future use of rating agency ratings in banks’ regulatory
capital calculations.
2.4 Market risk
2.4.1 Introduction
The year 2010 reflected evidence that a global recovery had begun after the financial crisis,
albeit on an uneven basis. Consistent with other emerging-market economies, the South
African markets showed signs of recovery. Nevertheless, levels of market risk in South African
banks continued to follow the reduction in volatility that was present in the secondary markets
for the most part of 2010.
2.4.2 Market risk regulatory reporting methods
The Regulations relating to Banks include two alternative reporting methods for market risk,
namely the
i. models-based internal models approach (IMA); and
ii. standardised approach.
long-form reviews to report on the accuracy and completeness of banks’ calculation of IRB parameter estimates
concerns about over-reliance on the use of external ratings
reduction in volatility in secondary markets
Bank Supervision Department Annual Report 201052
Under approved circumstances, banks are also permitted to apply a combination of standardised
and models-based reporting. As at the end of 2010 five of the thirty banks with market risk had
permission to report according to the IMA.
2.4.3 Market risk reviews and key findings
Market risk reviews conducted in 2010 by the Department concentrated on banks with approval
to use IMA for regulatory reporting. The Department received one application for use of the
IMA. The application and approval processes were similar to those conducted in the previous
years. The approval process included usage of a questionnaire, off-site analysis of the bank’s
information submission and an on-site review. The applicant was granted approval to adopt the
IMA for the period beginning 1 January 2011.
The Department continues to conduct annual and quarterly reviews of the trading activities
of IMA banks to assess their suitability to continue using the IMA. These reviews focused on
changes in the sources of risk facing banks and their reaction in the form of changes to strategy,
products, systems, structure, risk limits and capital. The recent performance of trading income
generation and effectiveness of risk controls are also examined. The reviews complemented the
data already received by the Department in the form of regulatory returns and other prudential
requirements of IMA banks, such as monthly submissions of backtesting and stress-testing
results. A total of 18 on-site meetings in the form of IMA annual reviews, new application and
quarterly reviews were conducted during the 2010 calendar year.
The operational issues that resulted in poor performance of the VaR model at certain banks in
the previous year were resolved, and the multiplication factor used to prescribe the amount of
capital a bank is required to hold was lowered for the affected banks. The trading operations
of many banks struggled to meet revenue targets during the year due to lower market activity
and reduced volatility experienced for most of the 2010 calendar year, with the exception of the
last quarter.
Banks’ exposures to equities that are generally held for investment purposes are included
in the banking book for accounting purposes. From a regulatory perspective, they receive
capital treatment that is independent of the market risk charge, and is more punitive, with
the risk weighting ranging between 100 and 400 per cent. Fifteen banks reported exposures
of this nature in the course of 2010. Capital charges under these regulations contributed to
approximately 4,99 per cent of banks’ total capital requirements. For supervisory purposes,
equity risk is overseen alongside market risk. Capital held for market risk made up about
2,25 per cent of the total capital requirement for the banking sector during the year.
2.4.4 Thematic review on liquidity risk management
In terms of the supervisory programme and the methodologies employed for the achievement
thereof, the Department initiated a thematic review that addressed aspects pertaining to sections
79(1)(c) and 79(2) of the Banks Act, 1990, and regulation 26(13) of the Regulations relating to
Banks. According to section 79 of the Banks Act, 1990, a bank shall not issue negotiable
certificates of deposit (NCDs), promissory notes (PNs) or instruments of a similar character in
excess of a percentage as specified in the Regulations relating to Banks. The objective of the
review was to establish whether banks issued these instruments and whether they complied
fully with the aforementioned regulation.
A questionnaire addressing the above-mentioned requirements was submitted to banks for
completion. Information requested by the Department via the questionnaire was complemented
with information obtained from regulatory returns for off-site analysis purposes. In addition,
external auditors were required to attest to the accuracy of the information contained in the
responses to the questionnaire to ensure that all the information was presented correctly and
completely in all material respects.
market risk reviews concentrated on IMA banks
market risk capital made up about 2,25 percent of the total capital requirement
53Bank Supervision Department Annual Report 2010
The results of the review were used to obtain a better understanding of the reporting on the
regulatory returns and to formulate possible amendments to the Regulations relating to Banks.
Generally, banks in South Africa either directly or indirectly address the relevant matters
associated with the issuance by a bank of the above-mentioned instruments. However, the study
revealed that banks should pay additional attention to ensuring that policies and processes
are developed to enhance monitoring and control and, ultimately, the liquidity risk emanating
from the issuance of such instruments. The Department acknowledges that the South African
financial sector faces structural funding challenges which may affect the way in which banks
fund their businesses. Banks are encouraged to pursue appropriate combinations of funding
strategies taking cognisance of the term ‘structure’ and concentration risks associated with
stressed circumstances.
Further work in this area will continue during 2011 in the form of a review that will be conducted
by external auditors against particular criteria. The additional work will only be conducted for
specific banks.
2.4.5 Participation in liquidity risk simulations
During 2010, the Department participated in liquidity risk simulation exercises at banks,
which were facilitated by an independent external party. As is common knowledge, the
recent international financial turmoil has proved that the importance of proper liquidity risk
management within a formalised risk framework, commensurate with the nature and scale of
business conducted by banks, has been underestimated. Representatives of the Department
fulfilled the role of observers during these exercises.
The simulation exercises were based on a range of bank-specific balance-sheet and liquidity
crisis simulation exercises, customised to meet banks’ unique situations and the respective
balance-sheet and crisis management teams’ learning objectives. The aim was also, among
other things, to allow participating banks to further enhance their resilience to liquidity stress in
real-life scenarios, and to identify weaknesses and flaws in liquidity contingency plans. Although
planning and preparedness are extremely important, testing under stress scenarios is arguably
the most important component of a bank’s liquidity contingency planning.
It became clear that the real-life scenarios not only challenged experienced crisis and liquidity
management teams, but also effectively tested their respective liquidity risk and crisis management
plans. A secondary advantage of the simulation exercises related to the opportunity for banks’
executive teams to review their own crisis management actions under liquidity stress scenarios,
and to ascertain whether key staff members understood the crisis risk management processes
and their respective roles. It was, from the Department’s perspective, interesting to observe how
these teams co-ordinated with one another, and gave the management teams a sense of their
banks’ overall control and communication challenges. Furthermore, crisis management teams had
the opportunity to learn how to test their own crisis and liquidity stress management processes,
and how to operate effectively with one another under challenging circumstances.
From the outset, the liquidity simulation exercises were extremely useful since they focused
on testing key liquidity management components, such as banks’ risk strategies and profiles;
the nature of business and asset types; funding strategies; the measurement and modelling of
maturities; stress testing; and the availability of liquidity buffers, to name but a few. Furthermore,
the exercises also focused on concentration risks, the quality and availability of management
information, skills in the treasury and balance-sheet management functions, cost and revenue
optimisation, and liquidity contingency planning.
Participants reported that they found the said simulation exercises extremely useful, that, they
highlighted areas in which they could improve, and that they demonstrated the need for robust
and conservative liquidity risk management planning. In conclusion, the Department is of the
opinion that liquidity risk simulation exercises are extremely valuable and useful, and that they
facilitate the enhancement of banks’ respective liquidity risk management frameworks.
the South African financial sector faces structural funding challenges
proper liquidity risk management has been underestimated
crisis management teams test crisis and liquidity stress management processes
liquidity risk simulation exercises extremely valuable
Bank Supervision Department Annual Report 201054
2.4.6 Review of exposure to Portugal, Ireland, Italy,
Greece and Spain
The fear that the sovereign debt crisis in Europe, which affected Portugal, Ireland, Italy, Greece
and Spain (PIIGS), would negatively impact the South African banking sector resulted in the
Department reviewing South African banks’ exposures to PIIGS in all asset classes. The results
of the analysis of exposures provided no evidence to suggest that the banking-sector exposure
to PIIGS was significant or warranted concern.
2.4.7 Review of reporting methodologies for equity risk
in the banking book
During 2010, a review of the reporting methodologies utilised for reporting equity risk in the
banking book on form BA 340 was conducted. Regulation 31 of the Regulations relating to Banks
allows various methodologies to be adopted. The methodology used by a bank is required to be
appropriate to the nature of its business and the complexity of its operations. The Department’s
off-site industry-wide analysis revealed that certain banks were using inappropriate reporting
methodologies, given the nature and complexity of their business operations. The relevant banks
were requested to change their reporting methodologies to those that were more appropriate,
given their own circumstances. This resulted in the affected banks being required to allocate
increased capital for equity risk in the banking book.
2.5 Operational risk
2.5.1 Introduction
Operational risk is inherent in all banking products, services and activities, and the effective
management of operational risk has always been a fundamental element of banks’ risk
management programmes. As a result, sound operational risk management is a reflection of
the effectiveness of the board and bank’s management in administering its portfolio of products,
services and activities. Effective operational risk response is not only about proactively reducing
the downsides associated therewith, but also about seizing the opportunities for innovation and
growth that may arise.
Similar to natural and human-induced disasters, most people largely ignore operational risk until
it happens. Operational risk has to be minimised, whereas credit and market risk is normally
optimised. Operational risk is the risk of loss resulting from failed or inadequate processes,
people, systems and external events. Accordingly, the Department continued to promote and
enhance the effectiveness of operational risk management at banks and banking groups since
it contributes to enhancing the soundness of the banking system.
In line with the Department’s supervisory review programme, a risk-based approach has been
applied to the review of banks’ operational risk. The Department recognises the principle of
proportionality; in other words, the nature and extent of the operations and exposure of a
bank or controlling company that will influence the nature, timing and extent of operational risk
management within a bank or banking group. The bank and controlling company should have
in place risk management policies and processes to identify, assess, monitor and control or
mitigate operational risk. These policies and processes should be commensurate with the size
and complexity of the bank and controlling company.
The work performed during the year can be summarised in the following categories:
• Focused operational risk reviews
• Processing of new applications
• Involvement in drafting operational risk consultative papers issued by the Basel Committee.
banking-sector exposure to PIIGS not significant
certain banks used inappropriate reporting methodologies
policies and processes should be commensurate with the size and complexity of the bank
55Bank Supervision Department Annual Report 2010
2.5.2 Focused operational risk reviews
A number of focused operational risk reviews were carried out during the year. The purpose of
the reviews was, among other things, to determine whether banks had in place risk management
policies and procedures to identify, assess, monitor and control or mitigate operational risk, and
if banks that were using one of the four approaches for calculating operational risk capital,
namely the AMA, TSA, the alternative standardised approach (ASA) or the BIA are meeting the
qualifying criteria, and qualitative and quantitative standards.
The reviews were conducted in line with the risk-based supervision approach and the principle
of proportionality as discussed earlier. A high-level example of the most prominent topics
addressed during 2010 is as follows:
• Review of the management information reports or “dashboards” used for operational risk
management on a group consolidated, bank, major subsidiary and material business unit
level.
• Update and review of outsourcing and business continuity.
• Review of the alignment of the group strategy with the operational risk appetite statement.
• AMA banks and the AMA applicant were requested to demonstrate the use of the operational
risk management framework and the operational risk measurement system.
• Findings of banks’ internal audit regarding scenarios.
• Discussion of internal and external audit reports issued during the banks’ 2009/10 financial
year related to operational risk management.
The main findings from reviews are as follows:
2.5.2.1 Quality of the operational risk management information reports
The Department encouraged banks (refer to the Annual Report 2009 Bank Supervision
Department: pages 55–56) to improve the qualitative characteristics (i.e., reliability,
relevance, comparability and understandability) of the operational risk management reports
on a consolidated, subsidiary and business unit level. Qualitative characteristics are those
attributes that make the information provided in operational risk management reports useful. If
comprehensive and useful information does not exist, managers may not be aware of the true
operational risk condition of their bank and key governance players may be misled.
The scope of operational risk is broad and the base of operational risk management is wide.
Operational risk should therefore not be viewed in isolation. A sound practice for senior
management to follow is to ensure that staff responsible for managing operational risk co-
ordinate and communicate effectively with staff members responsible for managing credit, and
market and other risks, and with those in the bank who are responsible for the procurement of
external services such as insurance risk transfer and outsourcing arrangements. Failure to do
so could result in significant gaps or overlaps in a bank’s overall risk management programme.
The operational risk management function should be able to consolidate detailed information
at business unit or divisional level in a meaningful way for senior managers to assess and then
determine what action to take.
During 2010, banks made good progress towards improving the quality of operational risk
reporting.
2.5.2.2 Outsourcing and business continuity
The Department was satisfied with the overall work completed by banks relating to outsourcing,
business continuity planning and disaster recovery planning. In a limited number of isolated
cases, the Department noted instances where no disaster recovery facilities were in place
for certain subcomponent parts of a business unit and where the test simulations were not
satisfactory. These banks were requested to supply the Department with a progress report,
including timelines, to finalise all issues in the business units related to disaster recovery.
operational risk should not be viewed in isolation
focused operational risk reviews
Bank Supervision Department Annual Report 201056
2.5.2.3 Alignment of the group strategy with the operational risk appetite statement
Operational “risk appetite” is a high-level determination of the types of risk a bank is willing to
accept, taking into account the risk/return attributes. Risk appetite is associated with strategy,
such as the decision to enter the payments and settlements business. Operational “risk
tolerance” is a more specific determination of the type or amount of risk a bank is willing to
accept in relation to a business strategy, such as the payment activities, types, or products the
bank is willing to entertain. Risk appetite and tolerance statements may be combined.
The discussions held between the banks and the Department did not focus on the differences
between the tolerance and the appetite for operational risk. In order to stimulate discussion
around the operational risk appetite statement (ORAS) , banks were requested to demonstrate
and/or explain the following:
• How did the board (or a board subcommittee) monitor adherence to ORAS
• Clear and measurable triggers form part of the ORAS or operational risk tolerance that
results in remedial action
• ORAS considers all relevant risks, including risk aversion, the current financial situation, the
business environment and the group’s corporate culture and strategic direction.
Since operational risk is evolving, the setting and reviewing of ORAS is not as yet a well-
established practice. More time, development and maturity of banks’ operational risk
management frameworks will be required to set and embed operational risk appetite.
2.5.2.4 The demonstration of the use of the operational risk management framework and operational risk measurement system
An AMA banking group is required to develop an operational risk management framework
(ORMF) that enables management to manage and measure operational risk effectively.
The ORMF consists of operational risk organisational and governance structures, policies,
procedures and processes, and systems a bank uses in identifying, assessing, measuring,
monitoring, controlling and mitigating operational risk. A banking group’s operational risk
measurement system (ORMS) consists of the systems and data used to measure operational
risk in order to estimate operational risk regulatory capital.
The level at which the broader ORMF processes and practices have been embedded at all
organisational levels across a bank is referred to as ‘embeddedness’. The embeddedness
assessment is based on the supervisory review of management’s judgement and decision-
making, and is broader than a “point-in-time” assessment. Clearly, when it is used in decision-
making over a sustained period, it can add to a demonstration of the level of embeddedness,
and the concept should not be regarded as a one-off, single-point-in-time test. The requirement
is ongoing and a bank will need to ensure that its ability to demonstrate embeddedness is not
adversely impacted by change, for example, in staff, products, processes or environment.
A bank must meet the use and embeddedness requirement at the time of the initial AMA
assessment, and on an ongoing business-as-usual basis. In the business-as-usual context,
it is expected that the ORMF will be updated regularly, and evolve as more experience in the
management and quantification of operational risk is gained.
The Department was satisfied that AMA banks’ business entity or unit heads and responsible
staff had a working knowledge of the ORMS methodology (i.e., it was not regarded as a “black
box”) and ORMF.
more development and maturity of operational risk management frameworks required
embeddedness assessment of management’s judgement and decision-making
57Bank Supervision Department Annual Report 2010
2.5.2.5 Banks’ internal audit findings regarding scenarios
The Department requested the AMA banks’ Internal Audit Departments to include in their audit
programmes for 2010 an audit of the design and operating effectiveness of scenario policies
and procedures. The Department required that this audit include the documentation of the
scenario elicitation process, the completeness of the scenario results and the transparency of
the underlying processes used. The results of the audits were discussed with the banks involved.
As a result of the internal audit reports, the Department required banks to strengthen the
• attendance of scenario workshops and enhance the governance over the approval of
scenarios; and
• challenge of scenarios, where scenario severities were decreased without substantiating
documentation or were in conflict with the current control environment.
2.5.2.6 Discussion of internal and external audit reports
The board of directors of a bank should ensure that the bank’s operational risk framework is
subject to effective independent review by audit. Audit coverage should be adequate to verify
independently that the bank’s operational risk framework has been implemented as intended
and is functioning effectively. The Department included the following during the focused
operational risk reviews:
• Discussion of group internal audit reports issued during the banks’ 2009/10 financial year
related to operational risk management. Not only operational risk-specific audits were
included in the discussions, but also audits where operational risk-related issues were the
cause of unsatisfactory opinions.
• Discussion of issues raised by the banks’ external auditors in reports to management during
the interim and year-end audit that are related to operational risk.
The discussions contributed to the information-gathering process and supervisory review and
evaluation process.
2.5.3 Addressing shortcomings or weaknesses
and implementing improvements
For the limited number of cases where the Department was not satisfied with the level, status,
sophistication or practical application of operational risk management, the banks concerned
were requested to address shortcomings or weaknesses and implement improvements. These
banks provided the Department with feedback on a regular basis and the Department is
comfortable with the progress made.
2.5.4 The processing of new applications
The Department received one application from a banking group to adopt a more appropriate
and sophisticated approach to calculate the operational risk exposure and regulatory capital.
The application was in respect of AMA. The application and approval processes were similar
to those followed in the previous years (please refer to the Annual Report Bank Supervision
Department 2007: pages 33, 34). The applicant banking group was granted approval to adopt
the mentioned approach.
2.5.5 Status of banks per operational risk approach
As at the end of 2010, the number of banks that was using the respective approaches for
operational risk was as follows:
audit coverage should be adequate
application to adopt a more sophisticated approach to calculate operational risk exposure and regulatory capital
Bank Supervision Department Annual Report 201058
The difference in the number of banks-per-capital approach between 2010 and 2009 is
attributable to the one bank moving from TSA to AMA and another, namely Imperial Bank
Limited, being deregistered in 2010.
2.5.6 Operational risk consultative papers issued by the
Basel Committee
The Department continually monitors developments with regard to operational risk. In this regard
the Basel Committee issued two consultative documents on operational risk in December
2010, namely “Sound Practices for the Management and Supervision of Operational Risk” and
“Operational Risk: Supervisory Guidelines for the Advanced Measurement Approaches”.
“Sound Practices for the Management and Supervision of Operational Risk”7 updates the
Basel Committee’s 2003 paper on this topic. The updated version highlights the evolution
of operational risk management since 2003, and is based on best industry practice and
supervisory experience. The Basel Committee anticipated that industry sound practice would
continue to evolve, and banks and supervisors have expanded their knowledge and experience
in implementing operational risk management frameworks. A range of practice reviews covering
governance, data and modelling issues, loss data collection exercises, and QISs have also
contributed to industry and supervisory knowledge, and the emergence of sound industry
practice. The principles outlined in the paper are discussed in the context of three overarching
themes: (i) governance, (ii) risk management and (iii) disclosure.
The Basel Committee also issued for consultation a paper titled “Operational Risk: Supervisory
Guidelines for the Advanced Measurement Approaches”.8 The regulatory capital-adequacy
framework envisages that, over time, the operational risk discipline would continue to mature and
converge towards a narrower band of effective risk management and measurement practices.
The guidance seeks to achieve this better by setting out supervisory guidelines. Consistent with
SIGOR’s mandate, this paper identifies supervisory guidelines associated with the development
and maintenance of key internal governance, data and modelling frameworks underlying an
AMA. Because operational risk is an emerging discipline, this paper is intended to be an
evergreen document and, as further issues are identified and expectations for convergence
towards a narrower range of appropriate practices are developed, they too will be added to
the document. This paper does not reduce or supersede the discretion of national supervisors
to act in a manner that is consistent with their particular regulatory approaches. Rather, the
7 Available at http://www.bis.org/publ/bcbs183.htm.
8 Available at http://www.bis.org/publ/bcbs184.htm.
industry sound practice would continue to evolve
convergence towards a narrower band of effective risk management and measurement practices
December 2009
Advanced measurement approach 2
Alternative standardised approach 2
The standardised approach 10
Basic indicator approach 17
December 2010
Figure 2.2 Number of banks per operational risk approach
Advanced measurement approach 3
Alternative standardised approach 2
The standardised approach 8
Basic indicator approach 17
59Bank Supervision Department Annual Report 2010
publication of this paper is intended to facilitate a convergence of practice by banks and national
supervisors. Furthermore, while the status of banks accredited to use an AMA framework will
not be affected by the observations and conclusions of this paper, some AMA banks may need
to amend their practices to reflect the paper’s contents.
The aforementioned two proposals are also likely to have an impact on the current regulatory
and supervisory framework in South Africa, particularly relating to operational risk management.
Furthermore, as a member of the Basel Committee, South Africa would be expected to adopt
the proposals once they have been finalised.
South African banks were invited to respond to these proposals, highlighting any practical
difficulties foreseen or potential effects on both themselves and the general banking sector that
would require some consideration from the Basel Committee.
2.5.7 Conclusion
Although the Department is satisfied with the management of operational risk from a sectoral
perspective, there is room for improvement. Banks were, yet again, encouraged to monitor the
ongoing move of operational risk towards the act of managing risk rather than merely keeping
score. Because operational risk management is evolving and the business environment is
constantly changing, management should ensure that operational risk policies, processes
and systems remain sufficiently robust. Improvements in operational risk management will
depend on the degree to which operational risk managers’ concerns are considered, and
the willingness of senior management to act promptly and appropriately on their warnings. A
constant challenge for management is to validate that sufficient assurance can be placed on
the design and operating effectiveness of the operational risk framework, policies, procedures
and internal controls to identify, assess, monitor and control or mitigate operational risk to which
the entity is exposed.
2.6 Pillar 2: Capital management
2.6.1 Introduction
As stated in the Department’s 2009 Annual Report, the focus areas of the ICAAP reviews for
2009 were on the five largest banks. Furthermore, future work would focus on the following
during 2010:
• Finalisation of ICAAP reviews of smaller banks
• Commencement of ICAAP reviews of branches of foreign institutions.
The general consensus on the small banks’ ICAAPs is that, in most of the cases, risk
management processes are in place, but their articulation in the ICAAP document is poor.
Pertinent risk areas for smaller banks operating in niche areas of expertise that require more
attention include concentration risk, interest rate risk in the banking book and business risk. As
regards larger banks, ICAAPs are constantly improved upon and refined. Credit risk remained
the most significant risk area for larger banks.
2.6.2 Overview of the analysis of unsecured retail loans
in the South African industry and the level of
capital to be held by banks that adopt different
approaches to measure credit risk
During 2009–10, the Department conducted ICAAP on-site reviews at banks whose main
business is that of granting unsecured finance in the retail market. These banks did not have
sufficient internal data to enable the comparison between the IRB approach and STA. The
banks encouraged to move operational risk towards the act of managing risk rather than merely keeping score
the Department conducted ICAAP on-site reviews at banks
Bank Supervision Department Annual Report 201060
comparison was necessary in order to assess the sufficiency of capital held by banks that apply
STA in this particular market segment.
Subsequent to the ICAAP on-site reviews, the Department conducted an industry analysis of
banks that had adopted the IRB approach in South Africa. The analysis included unsecured
retail loans, less than R30 000, including loans where the maximum National Credit Act (NCA)
interest rates were charged. The aforementioned industry analysis showed that the amount of
capital held by IRB banks was significantly more than the amount held by banks on the STA,
with similar portfolios. Furthermore, in order to ensure level playing fields, these data would be
used to determine the individual capital requirements for banks on STA in the same niche market.
Based on the review of the aforementioned unsecured lending books of three large IRB banks,
it was evident that the three banks that applied the IRB approach held 3,13 times more required
RWAs than banks that had adopted STA.
It should be noted that the above-mentioned study only attempted to ascertain the sufficiency
of capital requirements relating to credit risk, and excluded other risk areas such as operational
risk, business risk and concentration risk.
2.6.3 Capital floors
Directive 9/2009 issued in terms of section 6(6) of the Banks Act, 1990 requires banks to be
subject to capital floors in their first four years of implementing IRB approaches for credit or the
AMA for operational risk. Capital floors were put in place in order to ensure that large amounts
of capital were not released when banks adopted more advanced approaches in respect of
credit risk and operational risk.
In respect of banks that had adopted the IRB approach since 1 January 2008, the capital
floor requirement was based on 95 per cent of the Basel I figure. Since 1 January 2010 the
requirement has been reduced to 90 per cent.
The Department monitored the capital floor reporting by banks during the year under review
and in certain instances requested the external auditors to review the accuracy of capital floor
calculations. Three banks were required to hold more capital during various reporting periods
in 2010, in order to comply with capital floor requirements.
2.6.4 Participation in the Basel Committee (Basel III)
Quantitative Impact Study
As a member of the Basel Committee, South Africa participated in the comprehensive quantitative
impact assessment. A total of seven locally registered South African banks were requested to take
part in the assessment. The selected banks and their dedicated employees were instrumental in
ensuring South Africa’s successful participation in the aforementioned exercise.
Participating banks first submitted data on 30 April 2010, whereafter the Basel Committee
required that they submit additional data. All South African banks submitted the required data
on time; the deadline for the submission of completed templates containing additional data to
this Office was 23 September 2010. Notwithstanding the tight deadlines, all participating bank
submissions and corrections were made on time.
It was of the utmost importance that the Department received accurate data from participating
banks for onward transmission to the Basel Committee. Therefore, the following actions were taken:
• South African banks participating in the impact assessment were requested to comment on
the accuracy of the proposed templates and instruction document, before the final
documents were released by the Basel Committee.
• In order to ensure that banks understood what was required and to clarify interpretational
issues on the templates, the Department collated questions from participating banks and
provided responses to those questions. On 18 March 2010 a workshop was held with all
participating banks to clarify and discuss interpretational issues.
industry analysis of banks that adopted the IRB approach
capital floor reporting by banks
comprehensive quantitative impact assessment
61Bank Supervision Department Annual Report 2010
• Meetings were held with participating banks, where the preliminary results of their
submissions were discussed and so too final corrections, where necessary, before the data
were sent to the Basel Committee in May 2010.
• The Basel Committee’s list of frequently asked questions was released to participating
banks, as and when it was updated. The extensive question-and-answer documents
ensured that the submission templates were completed in a uniform manner, thereby
facilitating comparison between global banks.
• The Department and members of the various working groups of the Basel Committee
received the data.
The data collected in comprehensive quantitative impact assessments were used by the Basel
Committee to determine the final calibration of the new Basel III requirements. The impact
assessment also gauged what the impact of the Basel III rules would be on participating banks
and participating countries.
The final outcome of the work done by the QIS Working Group, the PDG and the Basel
Committee was the Basel III rules that were subsequently published by the Basel Committee in
2010, together with a public report on the data collected.9
2.6.5 Overview of Basel Committee press releases or
papers relating to capital, and the
Department’s comments
The Basel Committee issued the following consultative documents and requested comments
thereon:
• “Strengthening the Resilience of the Banking Sector (December 2009)”
• “Countercyclical Capital Buffer Proposal (July 2010)”
• “Basel Committee Proposal to Ensure the Loss Absorbency of Regulatory Capital at the
Point of Non-Viability (August 2010)”
• “Capitalisation of Bank Exposures to Central Counterparties (December 2010)”.
The aforementioned consultative documents contained proposed regulatory capital-adequacy
rules that would impact on the current regulatory and supervisory framework in South Africa.
Furthermore, as a member of the Basel Committee, South Africa would be expected to
implement the proposals once they have been finalised.
It was therefore necessary and important for the South African banking sector to respond to
these proposals, highlighting the potential effects on both themselves and the industry, and
setting out practical aspects to be considered with respect to their implementation. In this
regard, the Department facilitated a sector response to the Basel Committee.
2.7 Pillar 3: Disclosure
2.7.1 Introduction
Following the FSB’s release of a document titled “Thematic Review on Risk Disclosures by
Market Participants” in June 2010, the Department provided input by means of a review
template on the thematic review of the implementation by FSB member jurisdictions of the
risk disclosure recommendations of the April 2008 FSB Report on Enhancing Market and
Institutional Resilience.
The review template was structured around the three recommendations contained in the above-
mentioned FSB 2008 report.
9 Available at: http://www.bis.org/list/basel3/index.htm.
Basel Committee to determine the final calibration of Basel III requirements
South Africa to implement proposals once they have been finalised
Bank Supervision Department Annual Report 201062
Part 1 on recommendation III.1 of the April 2008 report enquired about supervisory dialogue
with firms involved in leading-practice risk disclosures to the public, and the extent to which
these firms had made the identified disclosures in 2008 and subsequent periods.
Part 2 on recommendation III.2 was based on industry efforts to identify the principles for useful
risk disclosures, or to identify any specific additional recommended disclosures, going forward.
Part 3 on recommendation III.3 questioned the steps taken or planned by supervisors to
implement the Basel II Pillar 3 disclosure enhancements recommended by the Basel Committee
in July 2009 by the end of 2010.
2.7.2 Overview of the process of assessing disclosure
The process followed in assessing the Pillar 3 disclosure of banks comprised the following steps:
Step 1: The Department reviewed banks’ disclosures as published on their websites and as
part of their annual reports.
Step 2: The disclosures were benchmarked against the requirements of regulation 43 of the
Regulations relating to Banks.
Step 3: The Department provided feedback on the banks’ disclosures during structured
meetings, and gaps identified with regard to these disclosures were highlighted.
Step 4: A letter summarising all the findings was sent to each bank for its comments on the
overall assessment and feedback on the steps it intended to implement in order to
ensure full compliance with the disclosure requirements.
Step 5: The banks’ responses were analysed, and their compliance with the requirements was
followed up in future disclosures to determine whether the specific identified gaps and/
or areas of non-compliance had since been rectified.
The Pillar 3 disclosure reviews focused on large banks and some of the medium-sized banks
in South Africa. A disclosure template was developed and used for the aforementioned
benchmarking exercise. The key objective of the Pillar 3 reviews performed by the Department
was to assist banks in complying with all the disclosure requirements that were applicable to
them by identifying gaps and making appropriate recommendations.
2.7.3 Key findings
The Department noted a marked improvement in the level of public disclosure by banks since
the January 2008 Basel II implementation date. All the banks reviewed during 2010 were
found to be taking appropriate steps to move towards full compliance with the requirements
of regulation 43 of the Regulations relating to Banks. However, the Department identified the
following common disclosure weaknesses:
• Most of the banks did not disclose the differences between the manner in which the entities
within the group were consolidated for accounting and for regulatory purposes.
• Bank capital requirements for all the different risk areas were not disclosed in the required
format; RWAs instead of capital requirements were disclosed.
• With regard to credit risk the following was noted:
– The non-disclosure of banks’ average amount of gross exposure during the reporting
period, which amount should be calculated on a daily average basis
– In the case of disclosure of the maturity breakdown of the bank’s credit portfolio, which should
be based on the residual contractual maturity of the said exposures, it was found that in most
cases banks were not disclosing the information for each major type of credit exposure
– In the case of historical information, it was found that banks that had adopted the IRB
approach for measurement of credit risk did not disclose quantitative information relating
to historical results on the amount of actual losses (i.e., amounts written off and specific
disclosure template was developed and used for benchmarking exercise
the Department identified common disclosure weaknesses
63Bank Supervision Department Annual Report 2010
provisions raised) in respect of the period preceding the current financial year, including
sufficiently detailed information in respect of
º the extent to which the loss amounts differed from the past experience and the factors
that impacted on the bank’s loss experience; and
° a comparison between the bank’s risk estimates and actual outcome over a sufficiently
long period to assess the bank’s internal rating processes with reasons for any material
differences
• With respect to market risk, some banks did not disclose the cumulative amount of gains or
losses they had realised from the sale or liquidation of positions held in the bank’s banking
book during the current reporting period.
2.8 Stress testing
2.8.1 Introduction
‘Stress testing’, as defined by the BIS, is a risk management technique that is used to evaluate
the potential effects of a specific event and/or movement in a set of financial variables on an
institution’s financial condition. As financial resources fall and as requirements for these resources
are likely to rise in times of stress, stress testing is a key tool used by regulators for understanding
the appropriate level of resources required to ensure that banks remain solvent and liquid during
difficult times. From a supervisory perspective, it is of paramount importance that the Department
objectively establishes that South African banks are capitalised adequately. In this regard, the
capital buffer, as confirmed in the stress-testing approach, forms a major element.
It is necessary for banks and other financial institutions to hold sufficient capital and liquidity
buffers to protect themselves against severe unexpected events. Shareholders, investors and
depositors need to be confident that the banking system will not become distressed to the point
of failure, whatever the future state of the economy. Stress testing is an important input to the
capital-adequacy assessment process and decisions concerning the adequacy of capital buffers.
2.8.2 Overview of common scenario stress-testing exercise
Performing stress testing based on common scenarios is one of the principles for sound stress
testing as outlined by the BIS. During 2010, the Department performed a common scenario
stress-testing exercise on the South African banking system. A common scenario exercise
requires all participating entities to apply the same scenarios, whereas the banks may perform
internal stress-testing exercises using bespoke scenarios.
The overall objective of the exercise was to identify and assess the vulnerabilities of the South
African banking system under different plausible stressed macroeconomic scenarios. Each
participating bank independently applied the set of common macroeconomic scenarios
provided by the Department, and the Department collated and compared the results. The
results were measured in terms of the impact of the scenarios on the capital-adequacy and
liquidity profile of the banking system.
Participating banks’ results were aggregated to provide a view of the total banking industry’s
vulnerabilities. Since factors such as size, complexity, business models and risk profile are built
into the results of each bank, the aggregate results presented in this report cannot be directly
linked to individual banks. Since the participating banks, being the five largest banks, represent
approximately 90 per cent of the South African banking sector, the results of the stress-testing
exercise can be interpreted as being representative of the total banking sector.
2.8.3 Process followed
The exercise targeted the macroeconomic effects at the South African banking group level,
excluding insurance entities, and as alluded to above, the scope was limited to the five largest
South African banks representing the majority of the balance-sheet size of the banking system.
stress testing is an important input
banks independently applied the set of common macroeconomic scenarios
Bank Supervision Department Annual Report 201064
Workshops were held with participating banks in order to ensure that there was consistency
in translating the scenarios to internal risk parameters. Using internal risk models and granular
portfolio data, banks generated financial results reflecting the impact of the stress scenarios.
The exercise was conducted with the assumption that the regulatory environment would remain
unchanged, since the Basel Committee was still finalising Basel III reforms. Performing the
exercise with the assumption that the Basel III reforms are effective may yield different results.
The stress scenarios were orientated to elicit the effects of stress on credit risk, market risk,
counterparty credit risk, interest-rate risk in the banking book (IRRBB) and liquidity risk. Credit
risk and IRRBB were stressed via macroeconomic scenarios, whereas the balance of the risk
types was stressed using event type scenarios.
2.8.4 Development of scenarios
The scenarios were developed in two phases. In the first phase, workshops focused on
developing a list of financial variables for each scenario. Thirteen variables were selected for the
three macroeconomic scenarios; twenty-six event scenarios were developed for market and
counterparty credit risk, and two event scenarios for liquidity risk. During the second phase, the
Department, in consultation with other departments in the Bank, quantified each variable for the
different scenarios, with a view to creating economically consistent scenarios.
The first scenario generated was the base case scenario, an expectation of how the economy
may evolve over the three years (from 2010 to 2012) from the start of the exercise. This scenario
is required to measure the impact of the stressed scenarios from the base case. The base case
is characterised by a slow return to normal growth, inflation close to the upper target band and
moderate interest rates.
In scenario 1 there is a mild decline in GDP growth, and inflation is above the upper target band
due to the larger-than-expected second-round effects of electricity price increases, interest
rates increase and property price growth slows. However, owing to the short duration of the
stress, limited policy intervention is required in 2011–12.
Scenario 2 is characterised by a rapid decline in output due to an escalation of the global debt
crisis. However, owing to the lower base in 2009, the average over 2010 remains positive.
Interest rate spreads widen (mostly due to the lack of confidence in the global financial system),
causing an increasing interest rate environment. This, coupled with the limited ability of South
Africa’s major trading partners to implement expansionary fiscal and monetary policy, slows the
domestic recovery.
The scenarios for market and counterparty credit risk broadly address the effects of shocks in
interest rates; the price of equity, currency and commodities; counterparty risk; and issuer failure.
2.8.5 Results of the common scenario stress-testing
exercise
2.8.5.1 Credit risk
Table 2.1 illustrates the effects of the three scenarios on loans and advances. Lower levels of
loans and advances result under the more severe scenarios. Growth declines for both stressed
scenarios in year 2 (2011), by 1 per cent for scenario 1 and 12 per cent for scenario 2.
scenarios were developed in two phases
Table 2.1 Loans and advances over time for all scenarios
Base Scenario 1 Scenario 2
Loans and advances
Growth(per cent)
Loans and advances
Growth(per cent)
Loans and advances
Growth(per cent)
2010......................................... 2,837 2,743 2,656
2011......................................... 3,155 11 2,703 -1 2,332 -12
2012......................................... 3,491 11 2,903 4 2,418 6
65Bank Supervision Department Annual Report 2010
2012201120101,0
1,5
2,0
2,5
3,0
3,5
4,0
4,5
Base Scenario 1
Per cent
Scenario 2
Figure 2.3 Impairments as a percentage of loans and advances
Figure 2.3 illustrates the impairment ratio, that is, total impairments as a percentage of gross
loans and advances, for each scenario over time. The impairment ratio remains virtually
unchanged for the base case, increasing slightly from 2,07 per cent to 2,09 per cent. The impact
of the deteriorated macroeconomic conditions on the credit risk exposures can be observed
by the increase in the impairment ratio for scenario 2 from 2,58 to 3,88 per cent in 2012, almost
double the ratio for the base case.
The rand amount of the credit losses for each scenario is depicted in Figure 2.4. Only the
credit losses for scenario 2 exhibited substantial change, increasing from R30 billion in 2010 to
R42 billion in 2012.
credit losses for scenario 2 increased
Scenario 2Scenario 1Base0
10
20
30
40
50
2010 2011
R billions
2012
Figure 2.4 Credit losses
Bank Supervision Department Annual Report 201066
2.8.5.2 Market and counterparty credit risk
The market and counterparty credit risk scenarios that led to a loss for the industry were
aggregated and assumed to realise in 2010. This aggregated loss was subtracted from the
available capital and is depicted as the red data series in Figure 2.5.
Such a simultaneous occurrence of multiple stress events occurring is highly unlikely. However,
the banking system remained adequately capitalised.
2.8.5.3 Liquidity risk
Liquidity risk was assessed via the LCR, which measures the ratio of available high-quality liquid
assets to the net cash outflows expected over a 30-day period of system-wide stress, and the
aggregation assumed that the cash outflows were to parties outside the banking sector. Two
different liquid asset stress scenario definitions were used: (i) baseline narrow and (ii) baseline
broad. The difference between the scenarios is the inclusion of bonds in the broad scenario.
The results of the exercise are illustrated in Table 2.2.
The ratios are similar under both scenarios, as the broad definition includes only an additional
R2 billion of liquid assets. These ratios fail to meet the target of 100 per cent.
2.8.5.4 Profitability and capital adequacy
The net interest income increase for all the scenarios over time, offsetting to some degree the
credit losses discussed in section 2.8.5.1, is illustrated in Figure 2.6.
two different liquid asset stress scenario definitions were used
Table 2.2 Liquidity coverage ratio
Baseline narrow Baseline broad
Total liquid assets (R billions) .......................................... 172 174
Net cash outflows (R billions) .......................................... 367 367
Liquidity coverage ratio (per cent) ................................... 46,8 47,4
0
2
4
6
8
10
12
14
16
Capital-adequacy ratio after lossesLoss
Per cent
Figure 2.5 Capital-adequacy ratio after subtraction of losses
Base Scenario 1 Scenario 2
67Bank Supervision Department Annual Report 2010
The impact of the macroeconomic scenarios on profitability is shown in Figure 2.7. The
profitability under the stress scenarios is lower than that for the base case. However, the system
remains profitable across all years.
The banks remained adequately capitalised throughout the three-year period of the forecast
period, including under the stress scenarios (refer to Figure 2.8).
banks remained adequately capitalised
0
10
20
30
40
50
60
70
80
90
100R billions
Figure 2.6 Net interest income
Base Scenario 1 Scenario 2
2010 2011 2012
0
10
20
30
40
50R billions
Figure 2.7 Impact of macroeconomic scenarios on profitability
Base Scenario 1 Scenario 2
2010 2011 2012
Bank Supervision Department Annual Report 201068
2.8.6 Conclusion
The required capital emanating from the common scenario stress exercise remains remarkably
stable for credit risk and, with subdued demand for credit, capital requirements remain stable.
Despite a substantial increase in credit risk losses in scenarios 1 and 2, these losses remained
within manageable levels.
The impact of the market risk events is limited. Even including the full set of events, at the worst
possible date, the impact on the capital adequacy is manageable, with banks maintaining a
healthy capital buffer against a stable capital base.
For IRRBB the impact of these scenarios is positive, as it offsets the credit losses associated
with the increased interest rates.
The liquidity risk results show that as a banking system, cash outflows to the extent of the
definition of the LCR would leave the South African banking system with a large shortage of
liquidity. These results, however, do not consider the expected increased liquid assets as the
banking system prepares itself for the implementation of the liquidity risk reforms.
Overall, the capital adequacy of the banking system remained strong in all these scenarios,
both from an aggregate perspective, and a composition and quality perspective. It is important
to state that the impact of the implementation of the Basel III changes is not reflected in these
stress results and that the results might be different once these Basel III reforms have been
implemented.
losses remained within manageable levels
0
2
4
6
8
10
12
14
16Per cent
Figure 2.8 Capital composition
Base Scenario 1 Scenario 2
Tiers 2 and 3 Other Tier 1 Core Tier 1
2010 2011 2012 2010 2011 2012 2010 2011 2012